authorMark H Weaver <mhw@netris.org>2016-05-03 13:06:00 -0400
committerMark H Weaver <mhw@netris.org>2016-05-03 13:31:50 -0400
commit3c1d2981ff0cc63c74d10e78fe9e2b056e9f4ac0 (patch)
treec4df997faababe5a79f3c5a3eccd9e8388aad341 /gnu/packages/tls.scm
parente760ec4187244c0960f21803abef1849c97a8203 (diff)
gnu: openssl: Replace with 1.0.2h [security fixes].
Fixes CVE-2016-{2105,2106,2107,2109,2176}.

* gnu/packages/tls.scm (openssl)[replacement]: New field.
(openssl/fixed): New variable.
Diffstat (limited to 'gnu/packages/tls.scm')
-rw-r--r--gnu/packages/tls.scm20
1 files changed, 20 insertions, 0 deletions
diff --git a/gnu/packages/tls.scm b/gnu/packages/tls.scm
index 0f4441d70c..6685ee0349 100644
--- a/gnu/packages/tls.scm
+++ b/gnu/packages/tls.scm
@@ -198,6 +198,7 @@ required structures.")
   (package
    (name "openssl")
    (version "1.0.2g")
+   (replacement openssl/fixed)
    (source (origin
              (method url-fetch)
              (uri (list (string-append "ftp://ftp.openssl.org/source/"
@@ -298,6 +299,25 @@ required structures.")
    (license license:openssl)
    (home-page "http://www.openssl.org/")))
 
+(define openssl/fixed
+  (package
+    (inherit openssl)
+    (source
+     (let ((name "openssl")
+           (version "1.0.2h"))
+       (origin
+         (method url-fetch)
+         (uri (list (string-append "ftp://ftp.openssl.org/source/"
+                                   name "-" version ".tar.gz")
+                    (string-append "ftp://ftp.openssl.org/source/old/"
+                                   (string-trim-right version char-set:letter)
+                                   "/" name "-" version ".tar.gz")))
+         (sha256
+          (base32
+           "06996ds1rk8xhnyb5y273a7xkcxhggp4bq1g02rab55d7bjhfh0x"))
+         (patches (search-patches "openssl-runpath.patch"
+                                  "openssl-c-rehash-in.patch")))))))
+
 (define-public libressl
   (package
     (name "libressl")
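Review bot: `openssl/fixed` binds `version` to "1.0.2h" only in the `let` around `origin`, so its own `version` field is inherited from `openssl` and still reads "1.0.2g" although the source is 1.0.2h. If that is deliberate (for example to keep the grafted store name the same length), it deserves a comment above the definition, such as `;; Only the source is bumped; the inherited version field stays 1.0.2g so the graft can replace it in place.`; otherwise anything that reports or audits by package version would presumably still see the vulnerable release. The `(replacement openssl/fixed)` line in the first hunk could likewise carry a short comment saying to drop it once `openssl` itself moves to 1.0.2h. The definition of `openssl/fixed` is complete within this hunk, but the `openssl` package it inherits from begins and ends outside the visible lines.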